1. Field of the Invention
The present invention relates generally to a public key infrastructure, and more particularly, to a method and a system for registering and verifying a smart card certificate for users moving between public key infrastructure domains, which allows a user moving between domains to have a smart card certified in a terminal located in an external domain other than a home domain.
2. Description of the Related Art
A Public Key Infrastructure (PKI) allows users of a fundamentally insecure public network, such as the Internet, to exchange data or money securely, with information security assured, by using a public and private cryptographic key pair provided by a reliable authority.
The PKI generally includes a certification authority that issues and verifies digital certificates; a registration authority that acts as a verifier for the certification authority before certificates, which include information on public keys or private keys and digital certifications, are issued to requesters; one or more directories where the certificates with their public keys are held; and a certification management system that manages the certificates.
The operating principles of public and private keys are as follows. In public key cryptography, a public key and a private key are created simultaneously, using the same algorithm, by a certification authority. The private key is given only to the requester, and the public key is published as part of a digital certificate in directories that all users can access. The private key is neither shared with another user nor transmitted across the Internet. A user uses the private key to decrypt text that has been encrypted with the user's public key by someone else, who can find out that public key from a public directory. Therefore, to send a message, a transmitter finds out the public key of the receiver through a central administrator and then sends the message encrypted with that public key. The receiver decrypts the message using the receiver's own private key. In addition to encrypting the message, the transmitter can authenticate itself to the receiver by using the transmitter's own private key to encrypt a digital certificate.
Additionally, a smart card is a plastic card, about the size of a credit card, with an embedded microchip for storing data. The smart card is used for various purposes, such as prepaid telephone calling and electronic payment, and can be reused by being recharged periodically.
In more detail, such a smart card is used to make a call on a mobile phone and pay the corresponding call charge, to confirm the user's identity when accessing an Internet bank, to pay a parking fee or a subway, train or bus fare, to provide personal information directly to a hospital or doctor without filling out a form, and to purchase goods in an online shop.
Such a smart card can hold much more information than a magnetic stripe card and can be programmed for various purposes. Besides general smart cards, there are smart cards that include data and programs for several different uses, and smart cards that can be upgraded for new uses after issuance. A smart card can be designed to be inserted into a slot and read by a special reader, or to be read from a distance in a non-contact manner, such as for toll-road payment.
Meanwhile, as international electronic commerce is actively carried out and international travel, such as official trips, has become common, the need for electronic certification for electronic commerce between countries has increased. Under such conditions, according to the EMV2000 specifications decided by a group created by Europay, MasterCard and Visa, certification between a smart card and a terminal succeeds only when the terminal has a public key that can verify the electronic signature included in the smart card's certificate. However, in the PKI domain structure, an individual certification authority is located in each domain, and therefore the public keys that can verify the electronic signatures of the certification authorities differ from domain to domain. For example, in Korea, public certification authorities issue to users public certificates that are usable only in Korea. As described above, in the PKI domain structure, the terminals of one domain have a public key that can verify certificates issued by the certification authority of the domain in which the terminals are located, but do not have the public key of a certification authority of a different domain, and therefore certification of a smart card from another domain cannot be performed.
That is, a user's smart card located in an external domain has a certificate signed electronically by a certification authority located in a home domain to which the smart card belongs, and a terminal should verify the certificate to certify the smart card. However, when the user wants the user's smart card to be certified in the external domain, the terminal does not have a public key of the certification authority that has issued the certificate to the smart card, so the certificate cannot be verified, and therefore, the smart card cannot be certified.
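The failure described in the two preceding paragraphs can be reproduced with the following added example, which is not part of the original text. The CA names, card identifier, terminal trust stores and the toy textbook-RSA keys (built from small Mersenne primes) are all constructed for illustration and are far too weak for real use.

```python
import hashlib

E = 65537  # public exponent shared by both toy CAs (assumption)

def make_ca(name, p, q):
    """Toy CA: public modulus n, private exponent d (textbook RSA, demo only)."""
    return {"name": name, "n": p * q, "d": pow(E, -1, (p - 1) * (q - 1))}

def digest(data, n):
    """SHA-256 of the certificate body, reduced into the CA's modulus."""
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % n

def issue_card_cert(ca, card_id, card_pubkey):
    """The CA signs the card identity and card public key with its private key."""
    body = f"{card_id}|{card_pubkey}|issuer={ca['name']}".encode()
    sig = pow(digest(body, ca["n"]), ca["d"], ca["n"])
    return {"body": body, "issuer": ca["name"], "sig": sig}

def terminal_verify(trust_store, cert):
    """A terminal can only use the CA public keys it already holds."""
    n = trust_store.get(cert["issuer"])
    if n is None:
        return "unknown-issuer"      # no public key for the issuing CA
    ok = pow(cert["sig"], E, n) == digest(cert["body"], n)
    return "verified" if ok else "bad-signature"

# Constructed domains: each has its own CA, each terminal holds only its own CA key.
HOME_CA = make_ca("home-domain-CA", 2**61 - 1, 2**89 - 1)
EXTERNAL_CA = make_ca("external-domain-CA", 2**107 - 1, 2**127 - 1)
HOME_TERMINAL = {HOME_CA["name"]: HOME_CA["n"]}
EXTERNAL_TERMINAL = {EXTERNAL_CA["name"]: EXTERNAL_CA["n"]}

# The card certificate is signed by the home-domain CA (constructed sample values).
CARD_CERT = issue_card_cert(HOME_CA, "card-0001", "card-public-key-placeholder")

def check_with_wrong_ca_key(cert):
    """Checking the home-signed certificate against the external CA key fails too."""
    return terminal_verify(EXTERNAL_TERMINAL, dict(cert, issuer=EXTERNAL_CA["name"]))

if __name__ == "__main__":
    print("home terminal:    ", terminal_verify(HOME_TERMINAL, CARD_CERT))
    print("external terminal:", terminal_verify(EXTERNAL_TERMINAL, CARD_CERT))
    print("wrong CA key:     ", check_with_wrong_ca_key(CARD_CERT))
```

The external terminal rejects the card not because the certificate is invalid but because it has no key material for the issuing authority, which is the gap the background describes.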